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Method for payment via the Internet 



PCT/NL99/00060 



The present invention relates to a method for processing a transaction between a first 
computer application and a second computer application. More specifically, the invention 
5 relates to a method for processing a transaction via a network, such as the Internet. The 
first computer application is, for example, implemented on a computer of a supplier of 
services and/or products and the second computer application can be implemented on a 
computer of a user who can be connected via the network to the supplier's computer, so 
that the user is able to view and order services and/or products, 
10 A second aspect of the invention relates to the provision of a medium that contains 

the data needed to carry out the method according to the invention. 

A secure and reliable method of paying for the services and/or products purchased 
is crucial in the case of transactions of this type. A known method of payment via, for 
example, the Internet is to pass on the card number and the expiry date of a credit card, 
15 after which the supplier who supplies the service and/or the product is then paid by the 
credit card company. 

Another known method of payment is to open a customer account for the supply of 
services or products with a supplier. The customer is then able to order services and/or 
products from the supplier via, for example, the Internet, provided that he/she has sufficient 

20 credit in his/her account. Usually he/she will then have to enter a user name and a 
password when ordering. 

The known methods of payment have a number of significant disadvantages. 
Registration of the customer, either direcfly by the supplier or indirectly via a credit card 
company, is usually required, which costs time, has the effect of increasing the barrier to 

25 be overcome and gives no guarantee of privacy and/or anonymity. It can also be necessary 
for the user's computer to be equipped with, for example, a smart card reader with special 
software, which incurs additional costs and ensures that the user is tied to that specific 
computer. These disadvantages lead to a customer being less readily inclined to make 
occasional or impulse payments for services and/or products which, for example, can be 

30 supplied via the Internet. 

Further disadvantages are that the known methods of payment are tied to a person and 
that there is a security risk. For example, the number and the expiry date of the credit card 
can be intercepted, after which the credit card can be misused to charge up an appreciable 



( 
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sum. 

The object of the present invention is to provide a method for processing a 
transaction which does not have the said disadvantages of the known methods. 

The object is achieved by means of a method of the type defined in the preamble, 
5 characterised in that the method comprises the following steps: 

(a) transmission of a first message by the first computer application to a third 
computer application in order to activate a payment program on the third computer 
application; 

(b) transmission of a second message by the third computer application to the 
10 second computer application in order to activate a payment program on the second 

computer application; 

(c) a request by the second computer application for input of a card number, which 
is specified on a card, by the user, after which the second computer application then 
transmits a third message containing the card number to the third computer application; 

15 (d) checking of the card number and determination of the serial number of one of 

a plurality of associated security codes by the third computer application, after which the 
third computer application transmits a fourth message to the second computer application, 
the fourth message containing the serial number of the security code; 

(e) a request by the second computer application to the user to enter that security 
20 code specified on the card which is associated with the serial number transmitted, after 

which the second computer application transmits a fifth message containing the security 
code to the third computer application; 

(f) checking by the third computer application that the security code associated 
with the serial mmiber and card number corresponds to the security code received from the 

25 second computer application, after which a sixth message is transmitted by the third 
computer application to the first and second computer applications, the sixth message 
containing an acceptance or refusal of the transaction. 

The third computer application is, for example, implemented on a computer belonging 
to a body which issues the cards and conducts the transactions. 
30 The codes and numbers associated with a card are known only to the body which 

implements the third computer application and are specified on a card which is in the 
possession of the user who uses the second computer application to make payments. 

The advantage of the method for processing a transaction between a first computer 
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application and a second computer application according to the present invention is that 
there is no requirement for registration of the user with the supplier and the body which 
issues the cards, which gives a guarantee of privacy and, if desired, anonymity. 

Furthermore, as soon as an associated card has been purchased the card can be used 
5 to conduct transactions, as a result of which the method is suitable for occasional and 
impulse purchases. 

No additional equipment and/or software is required, which makes the method 
according to the invention inexpensive and simple. Furthermore, the user is not tied to a 
special computer provided with additional peripherals and/or software. 
10 The outstanding balance on the card is linked to the card number and not to a person. 

Therefore, it is also possible to transfer the card to someone else or to let someone else use 
the card. 

The method is suitable for transactions where payment is made in currency, but also 
for transactions where other units are used (for example x accesses to a database, y games, 
15 z weather reports). 

Furthermore, the method according to the invention is suitable for both credit and 
debit transactions. 

Because multiple security codes are used, it is unpredictable which security code will 
be used. Tapping data traffic is thus virtually pointless because a different security code 
20 can be used for a subsequent transaction with the same card. 

The level of security can be tailored to the desired requurements. For example, the 
security codes can be made longer or, on the contrary, shorter and the number of security 
codes specified on the card can be increased or reduced. 

With the method according to the invention, the risk of messages being tapped, 
25 misuse or loss is always restricted to the value of the outstandfaig balance on the card and 
not, as in the case of a credit card, to the credit limit of the card. 

If the outstanding balance on a card is not sufficient to complete a transaction, steps 
(c) to (f) of the method can be repeated with another card. 

In one embodiment of the method according to the invention, the computer 
30 applications are implemented on at least two computers which are linked to one another 
via a network, for example, the Internet. 

As a result a user is able to view, order and pay for products and/or services from 
a supplier remotely. The first and third computer applications are then, for example, both 
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implemented on a computer located on the supplier's premises, which, for example, can be 
linked via the Internet to a user's computer on which the second computer application is 
implemented. In this case the supplier can also be the body which issues the cards and 
processes the transactions. 
5 Although with known methods a check is made to determine whether the user is 

authorised to make payments (adequate balance, correct oredit card number), these methods 
do not offer the possibility for the user to check whether the party receiving the payment 
is authorised. 

In one embodiment of the invention the third computer application also includes at 
10 least one verification code associated with the card number in the fourth message in step 
(d) and in step (e) the second computer application also asks for confirmation that the at 
least one verification code transmitted corresponds to the at least one verification code 
specified on the card and the latter application includes the result of this in the fifth 
message. 

15 This embodiment has the advantage that bilateral authorisation takes place. There is 

not only a check to determine whether the user is authorised to make payments, there is 
also a check to determine whether the body which is processing the transactions (with the 
aid of the third computer application) is authorised. 

In a further embodiment, the fourth message contains the amount to be paid and/or 

20 the balance on the card and the second computer application displays the amount to be paid 
and/or the balance on the card to the user after receipt of the fourth message. This 
provides the user with additional ease of use and a further possibility for checking the 
transaction. 

In a further embodiment each message is provided with a transaction identifier. This 
25 makes it possible for the third computer application to process multiple transactions 
simultaneously. 

In a further embodiment of the method according to the invention, the contents or 
part of the contents of one or more of the messages are/is encrypted, so that the contents 
of the messages cannot be decoded by others. This makes it possible to provide security 
30 for the exchange of messages if necessary. The level of security which is considered 
necessary can be adapted by selecting a specific type of encryption. 

A second aspect of the invention relates to a medium which is suitable for performing 
the method according to the invention, characterised in that the medium contains at least 
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one card number and at least one security code with associated serial numben 

A further embodiment of the medium also contains at least one verification code. 

Because all data required to perform the method according to the present invention 
are contained on the medium according to a second aspect of the invention, it is possible 
to process transactions without special facilities in the form of equipment, software, 
registration, etc. being required for this. 

In one embodiment the medium according to the present invention is constructed in 
the form of a printed card, the data being printed on the card. It is also possible to specify 
the data on a card in such a way that said data can be read with the aid of generally 
available equipment. In this context consideration can be given to a magnetic card, a smart 
card or a card provided with barcodes. 

In a further embodiment of the present invention, the medium is constructed as a 
computer-readable medium, such as, for example, a diskette or a CD-ROM. 

The present invention will now be explained with reference to a preferred 
embodiment and the appended drawings, in which: 

Fig. 1 shows a preferred embodiment of a card containing the data which a user 
requires in order to be able to perform the method according to the invention; 

Fig. 2 shows a diagram of the systems involved in a transaction according to the 
present invention. 

Fig. 1 shows a preferred embodiment of a card 1 containing the data which a user 
requires in order to be able to perform the method according to the invention. The card 
1 specifies a card number 2 (which can be a numeral or an alphanumeric sequence) and 
several, in this case six, arbitrarily chosen security codes 4, which are indicated by a serial 
number 3. In addition the card 1 specifies a verification code 5. The numbers associated 
with a card (card number 2, security codes 4 with associated serial number 3 and the 
verification code 5) are otherwise known only to the body which issues the cards 1 and 
performs the transactions. 

In its simplest embodiment, the card 1 is a small-format card with the data required 
for performing the method according to the invention printed thereon. It is also possible 
to specify the data on a card in such a way that said data can be read with the aid of 
generally obtainable equipment. In this context consideration can be given to a magnetic 
card, a smart card or a card provided with barcodes. In a further embodiment of the 
present invention, the data which are needed to perform the method according to the 
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invention are stored on a computer-readable medium, such as, for example, a diskette or 
a CD-ROM. 

Fig. 2 shows a diagram of the systems involved in a payment in accordance with the 
method of the present invention. A supplier's computer 11, which runs the first computer 
5 application, a user's computer 12, which runs the second computer application, and a 
transaction computer 13, which runs the third computer application, are shown. The 
computers 11, 12, 13 are linked to one another via a network 10, for example the Internet. 
The computers are generally known computers which are provided with input means such 
as a mouse and keyboard and a monitor for displaying information. 

10 It will be obvious to a person skilled in the art that the communication between the 

transaction computer 13 and the user's computer 12 can also proceed via the supplier's 
computer 11. It will also be obvious that the supplier himself can be the body which issues 
the cards 1 and performs the transactions. The first and third computer applications can 
then be implemented on one computer. 

15 Via the network 10, the user is connected, with the aid of the user's computer 12, to 

a supplier's computer 11 and is able, for example with the aid of a further computer 
application, to use the supplier's computer 11 to view what services and/or products are 
offered by the supplier. As soon as the time at which payment has to be made (in money 
or other units) has been reached, a payment module on the transaction computer 13 is 

20 activated from the further computer application on the supplier's computer 11 by 
transmitting a first message. By means of this transmission the sum or the number of units 
to be paid is/are passed on by the first computer application on the supplier's computer 11, 
By means of a second message, the payment module on the transaction computer 13 
activates a payment module on the user's computer 12 which asks the user to enter the card 

25 number 2. This information is transmitted m a third message to the payment module on 
the transaction computer 13, which checks whether the card number has an active status. 
The payment module on the transaction computer 13 then compiles a fourth message for 
the payment module on the user's computer 12, which message incorporates at least the 
serial number 3, selected by the payment module on the transaction computer 13, of the 

30 security code 4 to be checked and an alphanumeric value of arbitrary composition. On 
receipt of the fourth message, the payment module on the user's computer 12 will ask the 
user to enter the security code 4 which has the serial number 3 indicated in the message 
from the transaction computer 13. The alphanumeric value of arbitrary composition 
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received in the fourth message from the transaction computer 13 is, if necessary, encrypted 
by the payment module on the user's computer 12 with the aid of the security code 4 
entered. Said encrypted value is sent back by the user's computer 12 in a fifth message to 
the transaction computer 13, where it is compared with an encrypted value that has been 
5 calculated by the payment module on the transaction computer 13. If the received and 
calculated encrypted values are identical, this confirms that the user has entered the correct 
security code 4. The payment module on the transaction computer 13 will send a sixth 
message to the payment module on the user's computer 12 to confirm that payment has 
been made. Furthermore, the payment module on the transaction computer 13 sends the 
10 sixth message to the application on the supplier's computer 11 in which payment is 
confirmed. 

If the outstanding balance on a card 1 is insufficient to process a transaction, steps 
(c) to (f) of the method can be repeated with another card 1. 

In a preferred embodiment the fourth message also contains a verification code 5 
15 associated with the card number. The user's computer 12 displays this verification code 
5 to the user and asks the user to confirm that this code corresponds to the verification 
code 5 specified on the payment card 1. The confirmation or denial of correspondence is 
then included by the user's computer 12 in the fifth message and transmitted to the 
transaction computer 13. This provides the user with an opportunity to check whether the 
20 transaction computer 13 is authorised to perform transactions. In one embodiment the sum 
or the number of units to be paid and the current balance on the card are also included in 
said message. This is then displayed by the user's computer 12 for checking by the user. 

In a further embodiment, all messages which are exchanged in the context of the 
method are provided with a transaction number. This simplifies the identification of a 
25 specific payment and makes it possible for the transaction computer 13 to handle multiple 
transactions simultaneously. 

In one embodiment the contents or part of the contents of the messages which are 
exchanged in the method according to the invention can be encrypted by means of a 
suitable encryption mechanism. The level of security can be chosen by selecting a specific 
30 type of encryption mechanism. 
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Claims 

1. Method for processing a transaction between a first computer application and 
a second computer application, characterised in that the method comprises the following 

5 steps: 

(a) transmission of a first message by the first computer application (11) to a third 
computer application (13) in order to activate a payment program on the third computer 
application (13); 

(b) transmission of a second message by the third computer application (13) to the 
10 second computer application (12) in order to activate a payment program on the second 

computer application (12); 

(c) a request by the second computer application (12) for input of a card number 
(2), which is specified on a card (1), by the user, after which the second computer 
application (12) then transmits a third message containing the card number (2) to the third 

15 computer application (13); 

(d) checking of the card number (2) and determination of the serial npmber (3) of 
one of a plurality of associated security codes (4) by the third computer application (13), 
after which the third computer application (13) transmits a fourth message to the second 
computer application (12), the fourth message containmg the serial number (3) of the 

20 security code (4); 

(e) a request by the second computer application (12) to the user to enter that 
security code (4) specified on the card (1) which is associated with the serial number (3) 
transmitted, after which the second computer application (12) transmits a fifth message 
containing the security code (4) to the third computer application (13); 

25 (f) checking by the third computer application (13) that the security code (4) 

associated with the serial number (3) and card number (2) corresponds to the security code 
(4) received from the second computer application (12), after which a sixth message is 
transmitted by the third computer application (13) to the first (11) and second (12) 
computer applications, the sixth message containing an acceptance or refusal of the 

30 transaction. 

2. Method according to Claim 1, characterised in that the computer applications 
are implemented on at least two computers (11; 12; 13) which are linked to one another 
via a network (10). 
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3. Method according to Claim 2, characterised in that the messages are transmitted 
via the Internet. 

4. Method according to Ciaun 1, 2 or 3, characterised in that the third computer 
application (13) also mcludes at least one verification code (5) associated with the card 

5 number (2) in the fourth message in step (d) and m step (e) the second computer 
application (12) also asks for conjSrmation that the at least one verification code (5) 
transmitted corresponds to the at least one verification code (5) specified on the card (1) 
and includes the result of this in the fifth message. 

5. Method according to one of the preceding claims, characterised in that the 
10 fourth message contains the amount to be paid and in that the second computer application 

(12) displays the amount to be paid to the user after receipt of the fourth message. 

6. Method according to one of die preceding claims, characterised m that the 
fourth message contains the balance on the card and in that the second computer 
application (12) displays the balance on the card to the user after receipt of the fourth 

IS message. 

7. Method according to one of the precedmg claims, characterised in that each 
message is provided with a transaction identifier. 

8. Method according to one of the preceding claims, characterised in that the 
contents or part of the contents of one or more of the messages are/is encrypted. 

20 9. Medium for application of the method according to one of Qaims 1 to 8, 

characterised in that the medium contams a card number (2) and at least one security code 
(4) with associated serial number (3). 

10. Medium according to Qaim 9, characterised m that the medium also contains 
at least one verification code (5). 

25 11. Medium according to Claun 9 or 10, characterised in that the medium is a 

printed card (1). 

12. Medium according to Claim 9 or 10, characterised in that the medium is a 
computer-readable medium. 
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